package com.wzz.seckillone.config;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.LinkedHashMap;

/**
 * @ProjectName: jwt
 * @Package: com.wzz.jwt.config
 * @ClassName: ShiroConfig
 * @Author: wzz
 * @Description: shiro配置类
 * @Date: 2022/3/17 14:04
 * @Version: 1.0
 */
@Configuration
public class ShiroConfig {

    //shiro的默认过滤器
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager){
        ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean();
        filter.setSecurityManager(securityManager);
        //设置默认界面
        //无权 跳转页面
        filter.setUnauthorizedUrl("/notRole");
        //未登录跳转页面
        filter.setLoginUrl("/login/toLogin");

        //拦截器设置
        HashMap<String, String> map = new LinkedHashMap<>();
        //先开放登录接口
        /*相关参数说明
        * anon：无参  开放权限 类似于游客
        * authc 无参 需要认证
        * logout 注销
        * perms[] 参数可多个 需要某些权限
        * roles[] 参数可多个 需要相关角色
        * */
        map.put("/login/**","anon");
        map.put("/static/**","anon");
        //user admin vip页面需权限
        /*map.put("/user/**","roles[user]");
        map.put("/admin/**","roles[admin]");
        map.put("/vip/**","roles[vip]");
*/
        //剩下的接口都拦截掉需要登录
        map.put("/**","authc");
        filter.setFilterChainDefinitionMap(map);

        return filter;
    }

    //securityManager shiro的灵魂 类似于springmvc的dispacherservlet
    @Bean
    public DefaultWebSecurityManager securityManager(MyRealm myRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myRealm);
        return securityManager;
    }

    //relam 真正与数据库交互的
    @Bean
    public MyRealm myRealm(){
        return new MyRealm();
    }
}
